|
|
|
|
|
|
by toomanybeersies
1829 days ago
|
|
|
Trying to enact policy via the second order effects of the tax code is a terrible idea. If companies should meet a minimum standard of security practices and policies, then this should be legislated. Same as fire codes and OH&S standards. If companies should have ransomware insurance, then mandate that companies should have ransomware insurance. Same as how certain organisations require public liability insurance. |
|
|
This is what I'm saying. It's a far better solution than subsidizing bad security practices w/ tax. Require insurance and the insurance companies will ensure you have decent security practices (or pay a lot more). If you can't afford it for your business, well then your business can't compete in the market.
Obviously the details matter though. It would be rough at first, but eventually insurance companies would have a vested interest in quality security audits.